<h2>Admin &raquo; Pages</h2>
<?php
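// Requested admin action; the empty string selects the page list at the bottom.
$act = '';
// Accept a plain string only: a request such as "?act[]=x" makes $_GET['act']
// an array, which addslashes() cannot handle.
if (isset($_GET['act']) && is_string($_GET['act']))
	$act = addslashes($_GET['act']);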

//////////////////////////////////////////////////////////////// CONFIRM ORDER
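if ($act == 'confirmorder')
{
	// The list form posts one "order|<id>" text field per page plus a hidden
	// "original|<id>" field holding the value that was rendered.
	// Both the id (taken from the field NAME) and the new order value are
	// client-controlled and are placed unquoted in the UPDATE, so each one must
	// be a plain integer before it reaches the query.
	// NOTE(review): no anti-CSRF token and no per-page check_permission() call
	// are visible in this branch - confirm the including script covers both.
	$intpattern = '/^-?[0-9]+$/D';
	foreach ($_POST as $key => $value)
	{
		$keysplit = explode('|', (string) $key);
		if (count($keysplit) < 2 || $keysplit[0] != 'order')
			continue;

		// Page id: digits only.
		if (!ctype_digit($keysplit[1]))
			continue;
		$pageid = (int) $keysplit[1];

		// New order: an integer, surrounding whitespace tolerated.
		if (!is_string($value) || !preg_match($intpattern, trim($value)))
			continue;
		$neworder = (int) trim($value);

		// Skip rows whose value is the one that was rendered in the form.
		$originalkey = 'original|' . $keysplit[1];
		if (isset($_POST[$originalkey]) && is_string($_POST[$originalkey])
			&& preg_match($intpattern, trim($_POST[$originalkey]))
			&& (int) trim($_POST[$originalkey]) === $neworder)
			continue;

		mysql_query("UPDATE dcms_pages SET `order`=$neworder WHERE id=$pageid");
	}
	echo "<p style=\"color: #090;\">Successfully changed the order of the pages!</p>";
	// Fall through to the list view below.
	$act = '';
}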
///////////////////////////////////////////////////////////////////////// EDIT
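else if ($act == 'edit')
{
	// The id is interpolated UNQUOTED into both queries below, where
	// addslashes() gives no protection; accept digits only and carry it as an
	// integer from here on (it is also echoed into a hidden form field).
	// NOTE(review): the list view filters rows through check_permission(), but
	// nothing in this branch checks that the current user may edit this page -
	// confirm the including script enforces that.
	$editid = (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) ? (int) $_GET['id'] : 0;
	$original = query_to_hash("SELECT parent, visible, title, urltitle, content, `type`, security_level, security_group FROM dcms_pages WHERE id=$editid");
	if (empty($original))
	{
		// Unknown id (or failed query): show a message instead of an empty form.
		echo "<p style=\"color: #F00;\">The requested page could not be found.</p>";
	}
	else
	{
		$content = $original['content'];
		$title = $original['title'];
		// Stored values are escaped for HTML output; ENT_QUOTES because they
		// are also printed inside quoted attribute values.
		$title_html = htmlspecialchars($title, ENT_QUOTES);
		$urltitle_html = htmlspecialchars($original['urltitle'], ENT_QUOTES);
		$parent = $original['parent'];

		// Candidate parents: every other page, with 0 meaning "no parent".
		$parents = array();
		$parents[0] = 'None';
		$parentresult = mysql_query("SELECT id, title FROM dcms_pages WHERE NOT id=$editid");
		if ($parentresult)
		{
			while ($parentrow = mysql_fetch_array($parentresult))
				$parents[$parentrow['id']] = $parentrow['title'];
		}

		$originallevel = $original['security_level'];
		$access = array('public', 'member', 'moderator', 'admin');

		// The rich-text editor is attached only when the stored content has no
		// '<?php' marker.
		// NOTE(review): presumably content containing PHP is executed when the
		// page is rendered; if so, everyone who can save content can run code
		// on the server - confirm who is able to reach this form.
		$containsPHP = (strpos($content, '<?php') !== false);

?>
<script type="text/javascript">
<!--
function showContent()
{
	document.getElementById('contentContainer').style.display = 'block';
}
function hideContent()
{
	document.getElementById('contentContainer').style.display = 'none';
}
//-->
</script>
<h3>Edit page '<?php echo $title_html; ?>'</h3>
<form method="post" action="?s=pages&act=confirmedit">
	<p>
		Title: <input type="text" name="title" value="<?php echo $title_html; ?>" size="40" /><br />
		URL title: <input type="text" name="urltitle" value="<?php echo $urltitle_html; ?>" size="20" /><br />
		Visible: <input type="radio" name="visible" value="T" <?php echo ($original['visible'] == 'T' ? 'checked="checked"' : ''); ?> /> Yes
		<input type="radio" name="visible" value="F" <?php echo ($original['visible'] == 'F' ? 'checked="checked"' : ''); ?> /> No<br />
		Type: 
		<input onclick="showContent();" type="radio" name="type" value="page" <?php echo ($original['type'] == 'page' ? 'checked="checked"' : ''); ?> /> Page
		<input onclick="hideContent();" type="radio" name="type" value="link" <?php echo ($original['type'] == 'link' ? 'checked="checked"' : ''); ?> /> Link<br />
		Parent: <select size="1" name="parent">
			<?php
				foreach ($parents as $parentid => $parenttitle)
				{
					$selected = ($parentid == $parent ? ' selected="selected"' : '');
					echo "<option value=\"" . (int) $parentid . "\" $selected>" . htmlspecialchars($parenttitle, ENT_QUOTES) . "</option>\n";
				}
			?>
		</select><br />
		Access level: <select size="1" name="security_level">
			<?php
				foreach ($access as $level)
				{
					$selected = ($level ==  $originallevel ? ' selected="selected"' : '');
					echo "<option value=\"$level\" $selected>$level</option>\n";
				}
			?>
		</select><br />
		<input type="button" value="Cancel" onclick="window.location='?s=pages';" />
		<input type="submit" value="Save" />
		<div id="contentContainer">
			<p style="border-bottom: 1px solid;"><strong>Content:</strong> <small>(Will be ignored when the Type is 'link'.)</small></p>
			<textarea name="content" rows="30" cols="80"><?php echo htmlspecialchars($content); ?></textarea><br />
			<input type="hidden" name="editid" value="<?php echo $editid; ?>" />
			<input type="button" value="Cancel" onclick="window.location='?s=pages';" />
			<input type="submit" value="Save" />
		</div>
		<?php if ($original['type'] == 'link') { ?>	
		<script type="text/javascript">
		<!--
		hideContent();
		//-->
		</script>
		<?php } ?>
	</p>
</form>
<?php if (!$containsPHP) { ?>
<script type="text/javascript">
	window.onload = function()
	{
		var oFCKeditor = new FCKeditor( 'content' ) ;
		oFCKeditor.BasePath	= 'fckeditor/' ;
		oFCKeditor.Height	= 480 ;
		oFCKeditor.ReplaceTextarea() ;
	}
</script>
<?php
		}
	}
}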
///////////////////////////////////////////////////////////////// CONFIRM EDIT
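else if ($act == 'confirmedit')
{
	// Saves the edit form: title, urltitle, visible, type, parent,
	// security_level, content, plus the hidden editid.
	// NOTE(review): no anti-CSRF token and no check_permission() call for the
	// edited page are visible in this branch - confirm the including script
	// covers both.

	// Every field must be present as a plain string (not an array).
	$fields = array('title', 'urltitle', 'visible', 'type', 'parent', 'security_level', 'content', 'editid');
	$valid = true;
	foreach ($fields as $field)
	{
		if (!isset($_POST[$field]) || !is_string($_POST[$field]))
		{
			$valid = false;
			break;
		}
	}

	// Ids must be digits (editid is used unquoted in the WHERE clause); the
	// enumerated fields must be one of the values the edit form offers.
	$valid = $valid
		&& ctype_digit($_POST['editid'])
		&& ctype_digit($_POST['parent'])
		&& in_array($_POST['visible'], array('T', 'F'), true)
		&& in_array($_POST['type'], array('page', 'link'), true)
		&& in_array($_POST['security_level'], array('public', 'member', 'moderator', 'admin'), true);

	$editquery = '';
	if ($valid)
	{
		// Free-text fields: escape with the connection-aware function rather
		// than addslashes(), which ignores the connection character set.
		$title = mysql_real_escape_string($_POST['title']);
		$urltitle = mysql_real_escape_string($_POST['urltitle']);
		$content = mysql_real_escape_string($_POST['content']);
		// Validated against the allow-lists above.
		$visible = $_POST['visible'];
		$type = $_POST['type'];
		$security_level = $_POST['security_level'];
		$parent = (int) $_POST['parent'];
		$editid = (int) $_POST['editid'];

		$editquery = 	"UPDATE dcms_pages SET title='$title', urltitle='$urltitle', " .
						"visible='$visible', `type`='$type', parent='$parent', " .
						"security_level='$security_level', content='$content' " .
						"WHERE id=$editid";
	}

	if (!$valid)
	{
		echo "<p style=\"color: #F00;\">The submitted form data is invalid.</p>";
	}
	else if (mysql_query($editquery))
	{
		?>
		<script type="text/javascript">
			window.location = "?s=pages";
		</script>
		<?php
	}
	else
	{
		echo "<p style=\"color: #F00;\">A database error occurred.</p>";
	}
}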
////////////////////////////////////////////////////////////////////////// ADD
else if ($act == 'add')
{
	// First step of page creation: ask for a title and a URL title only and
	// post them to the 'confirmadd' action.
	// NOTE(review): the form carries no anti-CSRF token - confirm whether the
	// including script adds or checks one.
?>
<h3>Add a new page</h3>
<form method="post" action="?s=pages&act=confirmadd">
	<p>
		Title: <input type="text" name="title" size="30" /><br />
		URL title: <input type="text" name="urltitle" size="20" /><br />
		<input type="button" value="Cancel" onclick="window.location='?s=pages';" />
		<input type="submit" value="Continue &raquo;" />
	</p>
</form>
<?php
}
////////////////////////////////////////////////////////////////// CONFIRM ADD
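else if ($act == 'confirmadd')
{
	// Creates a hidden, public, empty page owned by the current user and then
	// forwards to the edit form for it.
	// NOTE(review): no anti-CSRF token is checked in this branch - confirm
	// whether the including script does that.

	// Missing or non-string fields are treated as empty; values are escaped
	// with the connection-aware function rather than addslashes().
	$title = mysql_real_escape_string((isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '');
	$urltitle = mysql_real_escape_string((isset($_POST['urltitle']) && is_string($_POST['urltitle'])) ? $_POST['urltitle'] : '');

	// $userinfo is set outside this file; its id is placed unquoted in the
	// INSERT, so insist on digits and refuse to insert without one.
	$hasauthor = isset($userinfo['id']) && ctype_digit((string) $userinfo['id']);
	$authorid = $hasauthor ? (int) $userinfo['id'] : 0;

	if ($hasauthor && mysql_query(	'INSERT INTO dcms_pages (parent, `order`, visible, author, title, urltitle, content, `type`, security_level, security_group) ' .
						"VALUES (0, 1, 'F', $authorid, '$title', '$urltitle', '', 'page', 'public', 0)"))
	{
		// NOTE(review): looking the row up by title/urltitle can hit another
		// row with the same values; mysql_insert_id() would avoid that if id
		// is AUTO_INCREMENT - confirm against the schema.
		$added = query_to_hash("SELECT id FROM dcms_pages WHERE title='$title' AND urltitle='$urltitle'");
		$addedid = isset($added['id']) ? (int) $added['id'] : 0;
		?>
		Successfully created the page/link. You can edit more detailed options when you 
			<a href="?s=pages&act=edit&id=<?php echo $addedid; ?>">Continue</a>...
		<script type="text/javascript">
			window.location = "?s=pages&act=edit&id=<?php echo $addedid; ?>";
		</script>
		<?php
	}
	else
	{
		?>
		<p style="color: #F00;">A database error occurred. Are you sure that the URL title of this page is unique? 
			Use the Back-button of your browser to correct the errors.</p>
		<?php
	}
}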
/////////////////////////////////////////////////////////////////////// REMOVE
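else if ($act == 'remove')
{
	// Confirmation step before a page is deleted.
	// The id goes unquoted into the SELECT and is echoed into a hidden form
	// field, so accept digits only; addslashes() protects neither context.
	// NOTE(review): nothing here checks that the current user may remove this
	// page (the list view uses check_permission()) - confirm the including
	// script enforces that.
	$removeid = (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) ? (int) $_GET['id'] : 0;
	$page = query_to_hash("SELECT title FROM dcms_pages WHERE id=$removeid");
	// The stored title is escaped for HTML; empty when the page is unknown.
	$pagetitle = isset($page['title']) ? htmlspecialchars($page['title'], ENT_QUOTES) : '';
?>
<form method="post" action="?s=pages&act=confirmremove">
	<p style="color: #F00;">
		<input type="hidden" name="removeid" value="<?php echo $removeid; ?>" />
		Are you sure you want to remove the page '<?php echo $pagetitle; ?>'?<br />
		<input type="button" value="Cancel" onclick="window.location='?s=pages';" />
		<input type="submit" value="Remove" />
	</p>
</form>	
<?php
}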
/////////////////////////////////////////////////////////////// CONFIRM REMOVE
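else if ($act == 'confirmremove')
{
	// Deletes the page named by the posted id.
	// The id is placed unquoted in the DELETE, so anything other than digits
	// is rejected without running a query; addslashes() would not stop a
	// value such as a boolean expression from widening the WHERE clause.
	// NOTE(review): no anti-CSRF token and no check_permission() call for the
	// removed page are visible in this branch - confirm the including script
	// covers both.
	$rawid = isset($_POST['removeid']) ? $_POST['removeid'] : '';
	$validid = is_string($rawid) && ctype_digit($rawid);
	$removeid = $validid ? (int) $rawid : 0;
	if ($validid && mysql_query("DELETE FROM dcms_pages WHERE id=$removeid"))
	{
		?>
		Successfully removed the page.
		<script type="text/javascript">
			window.location = "?s=pages";
		</script>
		<?php
	}
	else
	{
		?>
		<p style="color: #F00;">A database error occurred.</p>
		<?php
	}
}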
///////////////////////////////////////////////////////////////////////// LIST
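if ($act == '')
{
	// List view: every page ordered by `order`; rows the current user has no
	// permission for are skipped while rendering.
	$listquery = 	"SELECT id , parent , `order` , " .
					"visible , title , urltitle , dcms_pages. `type` as `type` , " .
					"security_level , security_group " .
					"FROM dcms_pages " .
					"ORDER BY `order`";
	$result = mysql_query($listquery);
	// mysql_query() returns false on failure; render an empty table then.
	$page_count = $result ? mysql_num_rows($result) : 0;
?>
<p><a href="admin.php">Back to Admin Home</a><br />
	<a href="?s=pages&act=add">Add new Page</a></p>
<h3>Table of Pages</h3>
<form method="post" action="?s=pages&act=confirmorder">
<?php
	echo "$page_count page" . ($page_count == 1 ? '' : 's') . ' found.';
	echo "<table class=\"thingreytable\">";
	echo "<tr><th>Title</th><th>Type</th><th>Access level</th><th>Visible</th><th>Actions</th><th>Order</th></tr>";
	while ($result && ($row = mysql_fetch_array($result)))
	{
		if (check_permission($row['security_level'], $row['security_group']))
		{
			// Stored values are escaped before they are printed: they come
			// from earlier form submissions and may contain markup.
			$rowid = (int) $row['id'];
			$rowtitle = htmlspecialchars($row['title'], ENT_QUOTES);
			$rowtype = htmlspecialchars($row['type'], ENT_QUOTES);
			$rowlevel = htmlspecialchars($row['security_level'], ENT_QUOTES);
			$roworder = htmlspecialchars($row['order'], ENT_QUOTES);
			$isvisible = ($row['visible'] == 'T');

			echo "<tr>";
			echo "<td>" . ($isvisible ? '<strong>' : '') . $rowtitle . ($isvisible ? '</strong>' : '') . "</td>";
			echo "<td>$rowtype</td>";
			echo "<td>$rowlevel</td>";
			echo "<td>" . ($isvisible ? 'yes' : 'no') . "</td>";
			echo "<td><a href=\"?s=pages&act=edit&id=$rowid\">Edit</a> / <a href=\"?s=pages&act=remove&id=$rowid\">Remove</a></td>";
			// "order|<id>" carries the editable value, "original|<id>" the
			// rendered one, so the save action can tell which rows changed.
			echo "<td><input type=\"text\" name=\"order|$rowid\" value=\"$roworder\" size=\"3\" />";
			echo "<input type=\"hidden\" name=\"original|$rowid\" value=\"$roworder\" /></td>";
			echo "</tr>";
		}
	}
?>
<tr><td colspan="5">&nbsp;</td><td><input style="font-size: 0.8em;" type="submit" value="Save" /></td></tr>
</table>
</form>

<?php
}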
?>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                          